MobileIron and Good confirm invulnerability to "Heartbleed" OpenSSL attack (updated with more providers)

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.

strict warning: Declaration of views_handler_field_user_name::init() should be compatible with views_handler_field_user::init(&$view, $data) in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/views/modules/user/views_handler_field_user_name.inc on line 61.

We've been following the recent disclosure of a massive OpenSSL bug and its affect on MDM. This is a potentially major issue for device management. Due to the trust chain of Apple's APNS, an exposed MDM server may require all devices to be unenrolled and reenrolled by hand.

We've heard good news so far (excuse the pun) from twothreefour providers:

I've reached out to other vendors but have not yet heard a response. If you have any news please share below, and I will update the thread.

It is worth repeating that the vulnerability is not the fault of the MDM vendor and not the fault of Apple. It's in a library of cryptographic functions that is very commonly used within other applications.

thomrburg

Citrix XenMobile App Controller: XenMobile App Controller versions 2.9 and 2.10 are vulnerable to CVE-2014-0160. Details regarding the availability of patches for these versions will be added to this document as soon as they are available. In deployments where the App Controller is deployed behind a NetScaler, or other gateway device that terminates the TLS connection, the level of exposure is reduced.